Main menu

Help Tor Find a New Executive Director

The Tor Project is continuing its world-wide search for our new Executive Director. We need your help to find this person, whether they work for a nonprofit organization, for a tech company, at a university, for an open software project, or somewhere else entirely. We are open to candidates from lots of different backgrounds.

"The Tor Project, one of the world’s strongest advocates for privacy and anonymous, open communications is currently seeking an experienced Executive Director to lead the organization. The new Executive Director will spearhead key initiatives to make the organization even more robust in its work to advance human rights and freedoms by creating and deploying anonymity and privacy technologies, advancing their scientific and popular understanding, and encouraging their use."

Please take a moment to consider whether you know a candidate, likely or unlikely, who might be a great fit for this position.

If I understand correctly, Roger D, currently the interim Director, says he doesn't want the job on a permanent basis. Is that still true? Some people might be discouraged from applying if they believe someone else has the inside track.

I hope you can find someone with an established record in civil liberties and/or human rights, with enough technical knowledge to win the respect of the developers, and with demonstrated leadership/media skills.

Anyway, good luck. The future of the Project (and Tor users everywhere) depend upon the Search Committee finding the right person.

Yes indeed. Here's the mail I've been sending people to encourage them to think about who would be a great person:
---

Hi !

I'd like your help with getting a great new executive director for
Tor. Some of the characteristics I'm hopeful for are a) connections in
the non-profit space, b) familiarity with the free software ethos, and c)
ability to manage people. But that said, we want many qualities in our new
execdir, and there is no single person that will have every one of them,
so we would be wise to find somebody who complements what we have already.

Please take a moment to think about whether you know somebody who would
be a great fit, or you know somebody who might know somebody. Then
either let us know, or pass this mail on, or whatever steps you think
best. Maybe this person is in the non-profit or funder space now, or
maybe they're in industry or academia or the free software world or
somewhere else. Maybe they are you! :)

And don't worry, Nick and I aren't going anywhere. But we would
love to spend more of our time on coding, designing, researching,
community-building, mentoring -- all of the things that brought Tor to
the amazing place it is today.

He should still be recruited as a developer or something equally useful that allows for remote participation. His popularity would be invaluable to the Tor community. His values are almost perfectly aligned with that of the Tor project and he is fortunately a very skilled programmer. Plus, he could probably use the money.

No, I think Ed's situation makes him a stronger candidate for Tor. His plight is one that resonates with free-thinking people around the world, and I think the fact that he's sort of stuck in Russia could make him a more effective figurehead for the Tor project... He's obviously got love and respect for the project. And a few words from him, as well as a well-placed sticker on his laptop, did a lot for creating interest and curiosity in the project. He's inspirational to so many, has a broad and deep understanding of why we need Tor. I'm hard pressed to think of someone better suited for the role. Mr. Snowden, take our money, please!

Fact is Snowden is currently officially considered a fugitive criminal in the US, and Tor is a US based organization that one of its' main PR problems is that Tor is considered by many as a criminal-friendly tool. And fact is he is a devisive figure, many americans consider him a traitor/soviet collaborator/nation securitiy risk.

If and when Snowden is exhonorated and returns to US then I'm sure it would be great to have him in the Tor team, but until then it is not possible.

If I might be so bold, why the hell is Tor still an U.S. based organization anyway?! Sure it gives you standing in US courts, but that seems to be about it on the plus side.
Keep an office and the legal form at your current base and move to Switzerland or Brazil.

Also, continuing this line of thinking, why should it matter what "many americans" consider him to be? Since these "many americans" who continiously don't use their own brains but are informed by fox news and alike have a trained attention span that equals the distance between wallpaper and wall: Who the fuck should give a shit about them until they learn?
Making them learn works about as well as bringing democracy to a country. Both are processes that need to be accomplished from within.

Furthermore, having read this, I don't think suggesting anyone without a U.S. passport makes much sense, as he/she/it could be denied from entering the U.S. or staying there anytime. Something the government sure has an interest in.

It actually really discourages me to read such standardized "the US and it's population are more important than any other country/population" on this blog.

If you can't get this out of your heads, how should the fox news audience ever achieve it?

I think Snowden is a great idea. Why would he need to travel? He is in Russia for heaven's sake. Traveling done through the web. Snowden has proved his patriotism and belief in our rights to free speech , freedom of the press , and a free from tyranny and fascism idea that was once , uniquely found in the American Constitution and the Bill of Rights.

Seriously, Edward should be petitioned by the entire community. His efforts have been revisioned by US congress and a penalty free return is inevitable (for now he can operate remotely). Imagine the impact his leadership would have on the Tor project and the anonymity scene as a whole. Not to mention all of the knowledge he holds about surveillance and security. He is the ideal candidate.

If the Tor doesn't at least attempt to reach out to him, I'll be very disappointed. A possible result of egotism (spotlight being shifted).

His status as a respected whistleblower will help garner positive attention to the Tor project and help to reinforce our goals. He probably needs a job considering the circumstances. Let's show him support and provide him with steady income. It's the least we can do.

I can see it now... News broadcast: "Renowned whistleblower Edward Snowden has been pardoned by the US government and will be returning to the US as the executive director of a project called Tor." Enough said!

Egos aside. It wouldn't hurt to try! Please let us know when the attempt has been made :)

I really understand your enthusiasm. But unfortunately, we have to face reality. An executive director Edward Snowden working remotely for Tor isn't what Tor needs right know. Tor needs someone who leads the organization and represents the main face in public, which includes physical presence at events, conferences and meetings. Being the 'Big Brother' connected via video chat remotely isn't the same as physical presence at the venue.

I know it's hard but reducing expectations prevents disappointment.

@Kate Krauss: By the way, what about Jake? Isn't he the perfect representative for Tor? At least, he is doing a great job as main advocate for Tor. He's eloquent and highly skilled in the field of rhetoric. OK, I see he can't travel everywhere either (political harassment by the USG). Furthermore, he seems to be too radical to be acceptable for the funders in the USG arena.

Because that would mean messing with the blog code which:
a) no one has time for
b) is some old ancient nasty thing with a lot of kludges held together with ducttape, periodic animal sacrifices, and prayer
c) is going to be replaced hopefully sooner rather than later

The blog backend is terrible, and there's no one formally tasked with moderating it. I periodically go through and clean out the mountains of spam that accumulates if it doesn't, I think other people do most of the legit post approval.

A blog is a forum post with forum replies. So, use a forum. That's what we do in all of the projects I have a lead administrative role in. I recommend Simple Machines Forum (SMF). You can see how I use SMF for my personal business blog at livebusinesschat.com (LBC), and you can also see how we use it in a much more sophisticated way, including as a simple bug tracker, at forum.coincompendium.com (CC forum).

Sometimes a specialized solution just creates specialized problems that an insufficient number of people are solving. Forum software is much more general-purpose and much more widely used, thus it is better tested and more reliable. Bugs that would go unnoticed on specialized blog platform software would be found much more quickly by the relatively huge user base of popular forum software.

Think of it this way:

Because blogs fundamentally differentiate between article posters and commenters, the number of blog article posters is limited to privileged people who have a blog. But, on a forum a poster and a commenter is the same thing, so the number of forum posters is larger than blog posters by (probably) several orders of magnitude. Which software, by nature and necessity, is the most reliable? The forum, of course.

Fundamentally, what a blog poster wants is higher visibility than blog commenters. Even the most primitive forum software makes it easy to raise the profile of whatever posts you choose. It is straightforward to configure SMF to automatically raise the profile of certain types of posts. There is more than one way to do this, but the methods I have chosen make it easy to make as many blogs or whatever you want to call them (venues, channels, news, announcements, alerts, pings, etc, etc, etc).

The best part is that you can provide a blog to a user that has complete control over their own blog, but is otherwise like an ordinary user on the rest of the forum. And, of course, if you don't want your blogs to function like forums, it's trivial to simply disable the unnecessary features, to restrict its functioning to be identical to a specialized blog platform - but without all the bugs and maintenance hassle.

If the Tor Project would like help configuring a general-purpose SMF forum to replace the blogs, I would be happy to help with that. If you want to know more about me, you can read my (badon) mediawiki.org user page at this URL:

My worry candidate would be someone with a great resume...
but a deep-seated and masked sense of rivalry who would instinctively work behind the scenes to ultimately oust the founders.

(For example a coup could be done thru good news: bringing new funders on board from a previous position, putting them on the Board of Directors, and then giving the board to understand that the Tor founders are replaceable technicians blocking administrative progress and that new funding pledges are ready but conditional on ouster.)

One unusual source of talent is the congressional staffer corps.
Senior staff in both houses see their jobs as temporary stepping stones to something else, typically senior executive positions in the government or highly paid lobbying positions. A small number of these senior staffers might be aligned on the right side of privacy, have extensive non-profit connections thru their work, and not be completely ignorant on the SW and SW ethos side of things.

I disagree about Edward Snowden. I really think he did something amazing. However it also must be clear that I consider him a hero for that very act.

However, I think despite all this Edward Snowden's biggest problem was not the fact that the NSA spies on the whole planet, but that the NSA spies on US-American citizens. Edward Snowden appears(!) to think that the US has the right and should control the world (for the greater good), just make sure that power doesn't get abused and that US-American citizens should not be spied upon. I accept this opinion, even though I counter it. However I don't think that this makes sense for being the Executive Officer of the Tor Project, especially because of certain relations the US has towards certain countries (that I politically do not want to defend at all).

Last, but not least I think Edward Snowden has way better skills elsewhere and I think he would do an amazing job as Tor contributor as an architect or developer, because he has great insight in how things work. I think, if Edward Snowden would be the Executive Director instead that would be a tremendous waste.

Please don't get me wrong. I really do not think badly of Edward Snowden and from all the interviews with him he seems to be amazing. I don't agree with everything, okay, but hey, people don't have to. I just think when it comes to this very specific position one might find other people.

Other than that: I actually think Edward Snowden should do something less stressful for a while. There should be something like a whistleblower fund or so to help people like Edward Snowden, because I'd imagine it gets way harder to get a well-paid job in the field one feels most comfortable with after blowing the wistle, but that's a different topic..

"Here's the mail I've been sending people to encourage them to think about who would be a great person:"

Thanks, that's pretty clear :)

I can only offer general advice about desirable characteristics of the next Executive Director (see the other threads).

I'd love to see Edward Snowden play a major role, but reluctantly must agree that he probably is not currently in a position to perform security-critical work. I think he's been doing a fine job acting as a kind of "elder spokesman" via telepresence, and I'd love to see him on salary at Amnesty International, HRW, RSF, EFF, or Access Now.

(IANAL. If hiring Snowden is "illegal" according to USG/HMG, perhaps it is time for these great organizations to consider moving to a safer home.)

> My worry candidate would be someone with a great resume...
but a deep-seated and masked sense of rivalry who would instinctively work behind the scenes to ultimately oust the founders.

Is that really likely? Is there some precedent you have in mind at another NGO?

> (For example a coup could be done thru good news: bringing new funders on board from a previous position, putting them on the Board of Directors, and then giving the board to understand that the Tor founders are replaceable technicians blocking administrative progress and that new funding pledges are ready but conditional on ouster.)

You would probably agree then that a major priority for the Project is to diversify funding to ensure that no one government, agency, or corporation has too much influence. (I have in mind not so much a precedent as a related concern: I worry about the increasing influence of a handful of mega-corporations on the Linux Foundation, through the fact that their employees are writing a larger and larger fraction of kernel code. These companies have deep ties to USIC. Might they be tempted to try to insert backdoors on behalf of USIC--- or even to spy on business competitors?)

More generally, you would probably agree that a priority for the Search Committee should be to be suspicious of USIC attempts to "shape" the eventual choice to suit its own "interests". It seems likely they will try, and clearly it would be a disaster for the world if they succeeded.

If a new chief is known mainly for "soft skills" and lacks core knowledge of their organization, they tend to feel inferior surrounded by lieutenants who know more than they do. The new chief solves this in either of two ways: changing the focus of the organization so existing personnel lose their advantage, or by replacing those that know. (Only the latter would be relevant for Tor.)

> One unusual source of talent is the congressional staffer corps.
Senior staff in both houses see their jobs as temporary stepping stones to something else, typically senior executive positions in the government or highly paid lobbying positions.

While there may be some individual exceptions, corruption appears to be the rule in American politics, as you yourself suggest. This would be almost as awful as Tor hiring Michael Hayden away from the Chertoff Group.

I think it is essential to greatly *decrease* the influence of the USG on the Tor Project, given the increasingly oppressive role played by the USA on the world stage.

To mention two examples ripped from the current headlines: in the "national interest" of positioning the US to intervene militarily in resource rich African (Nigeria), President Obama just praised Ethiopia as a "democratic nation". Ethiopia! And in another thread in this blog, we've discussed why the support of the USG for "lawful access" (state-sponsored hacking) services companies is so dangerous for human rights around the world.

I tend to think a more natural place to look would be among people with executive experience in human rights organizations or civil liberties organizations.

It is critically important to make a good choice, and anything tending to suggest to the user base that the USG is worming its way even further into the Tor Project would be deeply harmful.

I feel there is a strong committed culture at Tor. And doubt members based in the US have any fear of arrest merely for participating in Tor.

On the contrary, it is the technical and resources problem of global government-level adversaries that is immense and not completely solvable for a project that is committed to provide almost "normal" browsing in terms of speed and running browser codes. These actors don't need "backdoors" in open source code and in any case they can replace object code at the individual user level (which hopefully doesn't scale well as Arma has mentioned here several times).

That all dwarfs the issue of top-down backdoors that worries you. There are other kinds too. Perhaps someone similarly hostile as you to the U.S. but technically competent might join Tor to put in your own backdoor to help whatever countries you approve of harm in some fashion whatever countries you disapprove of (e.g. US).

> More a composite of various cases over time.
>
> If a new chief is known mainly for "soft skills" and lacks core knowledge of their organization, they tend to feel inferior surrounded by lieutenants who know more than they do. The new chief solves this in either of two ways: changing the focus of the organization so existing personnel lose their advantage, or by replacing those that know. (Only the latter would be relevant for Tor.)

I have the impression that you may speak from experience, but, from the corporate world, not the NGO world. I hope. If you haven't been following the Hacking Team story, that saga offers a sobering example of how a company culture turned sour, after the CEO decided to take the company down the path of state-sponsored-criminality. I don't think that is at all likely to happen at Tor, however, and hopefully would be unlikely at other human rights NGOs.

It is critically important that any credible candidate for Exec. Dir. of Tor Project recognize that, while as I have argued good long term planning, media relations, and maybe even some legislative lobbying may be essential for the long term survival of Tor, in the short run, the only truly essential people are the developers. All choices must verify the criterion of not impeding critical bug fixes or important security/anonymity/usability improvements.

I suppose the devs could help by trying to give the next Exec Dir a chance to prove he/she understands their needs, but this all seems awfully hypothetical, unless you know something I don't.

One problem with choosing as Executive Director someone who participates mainly or exclusively by "telepresence" is that electronic communications are-- hello?! did anyone not understand this lesson from the Snowden leaks?!-- highly vulnerable to interception by NSA SIGINT operators, and to a somewhat lesser extent (?) by other bad guys. Potentially, even communications encrypted may be or may become vulnerable. (Bruce Schneier is among those who worry certain features of AES which could possibly be exploited for direct cryptanalysis. Just because no-one has yet openly published a POC does not prove it is impossible. And GPG relies on an aging encryption algorithm.)

It is a safe bet that some of David Vincenzetti's friends are fantasizing right now about doing to Tor Project what Phineas Fisher did to Hacking Team. What some people with hidden cameras did to Planned Parenthood. And so on and so forth. We can mitigate the hazards by passing the most sensitive communications by word of mouth, and keeping no electronic records.

We need to make everything as hard for our enemies as we can. Choosing as Executive Director someone who is already targeted by (one presumes) every Earthly intelligence agency with global ambitions just doesn't make sense. Much better to try to keep a core of employees in one place, near a windowless meeting room which is regularly swept for bugs.

Hopefully the new person will be smart enough to reverse the blazing stupidity of having chosen StackExchange as the site where new people are told to go and get their questions answered. Here's a perfect example:

A person innocently asks a valid question, immediately gets his question downvoted and then locked out (by people that you will very rarely see actually answering *anyone's* questions, as they obviously regard themselves as elite administrators who are above that). Meanwhile, the non anally fixated and ego driven people can't actually try to provide answers to the question because it's locked. StackExchange is all about rating and criticizing people with questions, so that new users feel like chumps and NEVER come back.

That's all in the self interest of StackExchange corporation, NOT IN THE INTERESTS of having as many Tor users as possible.

Tor is supposed to be about freedom of expression, but the most Draconian, censoring and ego-driven discussion site on the internet was chosen to supposedly help and encourage new users. If Tor is only about the long term, elitist users, then you have no anonymity with your very small crowd. Have you forgotten that?

Q for Mike Perry: it appears that the "rowhammer" bitflipping attack is enabled by "watering hole" websites using Javascript. Is it time to add JS-disabling to the higher levels of Tor Browser security?

I like this site. Thanks to Tor. It rhymes with my innermost sense of freedom of non-violent expression and association with no fear of intimidation from anyone, any authority whether government, religious or monetary organisations.

Good luck in your search for finding an Exec for Tor.

My only 2 cents contribution is the following:

1) Those who are very good/talented programmers and developers are usually weaker in Big picture views.
2) An Exec who is good at both Detailed and General Principles of Freedom of Expression is hard to find.
3) It might be necessary to find someone who is outside the computing or software engineering expertise.
4) It might be necessary to have a team of leaders instead of one leader. Otherwise, it will have to be an overseer who has a few team leaders within each specialty groups.

I think the Project needs one leader. This is not inconsistent with the suggestion that the Project be organized into functional teams, with the possibility of forking a new project whenever some tool which originates in Tor becomes very useful for other open source projects.

I believe that one natural place to search for promising candidates would be in human rights organizations or civil liberties organizations. Look for someone with leadership experience, preferably someone already known to at least some of the key Tor developers. Bonus points for candidates who have a history of skepticism towards mega-corporations such as Google and Amazon, and extra points for those who have been targeted by "cybercrime/cyberwar" type governmental military or civilian agencies.

Not that I want to encourage anyone to "poach" leading talent, but the Exec Dir job of Tor Project is too important not to make an exception.

I strongly agree that it is essential to keep out people who are controlled or even much influenced by the "intelligence needs"/"national interests" of the US (or any other) government. USIC and their British sidekicks are devious and determined to destroy everything that benefits or empowers ordinary people, such as Tor.

I don't think the Project is in a position to do background checks beyond those which would normally be done by any NGO in considering candidates for an executive position. But as long as the Project bears in mind the likelihood that NSA will attempt to influence critical decisions to suit its own agenda, I think common sense may be as good as anything else at making it too easy for USIC to put a Kim Philby at the head of Tor.

While I believe USIC and their sidekicks are capable of anything nasty, I think the greatest danger that NSA will "shape" the future development of the Tor Project comes through dubious funding sources such as DARPA, SRI (which has longstanding ties to USIC), and NED (an Eisenhower-era holdover). For this reason, I hope the next Exec. Dir. will make it a priority to develop secure funding not tied to USG (or Russian or Chinese or UK governments). Ideally the Project would avoid taking money from any government or giant corporation, but as long as overall funding is sufficiently diversified, it might be acceptable to take some money tied to governments which have a good human rights record. On these grounds USA, UK, China, Russia, Saudi Arabia, and a long long LONG list of other nations are disqualified, but Iceland might be acceptable.

I guess you mean either "I want to force my Tor client to choose a new identity every minute" or "I want to force my Tor client to build a new circuit for my path to particular website, every minute". I doubt that these are good for anonymity, if they are even feasible, but it might be coax your client to behave this way.

@arma: is the following issue a serious concern for people running TBB or Tails, not under a hypervisor, on a computer with an Intel CPU manufactured before Jan 2011? If they think they are a likely target of one or more customers of Hacking Team or Gamma?

Intel processors made between 1995 and 2011 contain a serious design flaw that could be used to install invisible rootkits, a researcher has discovered.

...

Intel spotted the error in its processor blueprints and corrected the issue in 2011. Chips built from January that year and onwards are not affected.

According to security specialist Jacob Torrey, operating systems can easily mitigate against the security hole at the hypervisor or virtual memory manager level, protecting themselves from criminals exploiting the design flaw.

> Intel processors made between 1995 and 2011 contain a serious design flaw that could be used to install invisible rootkits, a researcher has discovered.

As arma said in a recent post, it is important for Tor users to try to avoid being infected with malware in the first place.

The bad news from the cited Black Hat talk: once the bad guy (Gamma, Hacking Team, ...) has succeeded in getting root on the PC/laptop used by the victim (journalist, dissident...), s/he may be able to exploit an un-patchable vulnerability in CPUs made by Intel between 1995 and 2010 to infect the victim's computer with an APT root kit which cannot be removed by re-installation, and which is very hard for ordinary citizens to detect.

"By using the wrmsr instruction, the operating system developer can configure a processor core to move its local APIC to anywhere in memory. Just write the new physical memory address to the processor's model specific register 0x001b."
...
"Domas reckons there are hundreds of millions of Intel processors permanently vulnerable – they cannot be updated to fix the problem. A trusty Linux box from the previous decade that's still plodding away, an office of old PCs, or a relative's aging laptop, are the sorts of computers at risk of attack via this vulnerability. Your fancy new gaming rig, your virtual machine in the cloud or on your workstation, and that office PC bought two years ago in the last refresh, are immune."

It is apparently not easy to exploit SMM vulnerabilities, but because SMM is the perfect place to hide a root kit, lots of people have been trying to figure it out.

I am not sure, but it seems to me that people running TBB under their usual OS on a PC/laptop which uses an Intel CPU made between 1995 and 2011 are vulnerable to the new SMM rootkit, provided that the bad guy can get root. Bad guys getting root is already bad news, of course, but the point is that if you suspect it happened, your only option may now be to throw away the computer.

It appears to be possible that people running Tails on a PC/laptop with an Intel CPU made between 1995 and 2010 might be vulnerable to key-logging, tracking, etc, via a Domas-style SMM APT rootkit, provided that a bad guy has been able to get root at some point on the other OS which runs when the computer has not been booted using Tails. Clarification from the Tails team would be very welcome.

It is possible that the wrmsr flaw may be an even more serious issue for people running Tor nodes. Clarification from the Tor team would be appreciated.

AMD is still trying to determine whether its CPUs are also vulnerable to similar flaws. Intel evidently has no intention of patching firmware for affected CPUs, other than high-end CPUs intended for commercial servers.